Following the discovery of a vulnerability (documented here) that allows the remote installation of spyware on mobile devices, WhatsApp has issued a warning to all 1.5 billion of its users to update to the latest version of its app. Uncovered by Facebook-owned WhatsApp in early May, the vulnerability was found to leverage a bug in the audio call feature of the app that enabled malicious actors to inject spyware onto the device, regardless of whether or not the call was actually picked up. According to the Financial Times, the spyware used in the attack is believed to have been Israel-based NSO Group’s Pegasus, although the group has so far denied having any knowledge of or involvement with this specific application of their software. Pegasus, a well-known surveillance package usually licensed to governments for crime fighting and anti-terror investigations, has the ability to collect intimate data from a device, including location data and information recorded through the microphone and camera.
As the investigation is ongoing, it is still unclear exactly how many users have been affected by this latest attack. It is suspected that due to the non-trivial nature of the deployment, any attempts would have been limited to advanced and highly motivated actors targeting the sensitive communications of journalists, lawyers, activists, and human rights defenders. Nevertheless, WhatsApp quickly issued an update to render the attack inoperable and urged all of its users to upgrade to the latest version of the app to “protect against potential targeted exploits designed to compromise information stored on mobile devices”.
Significance for mobile users
Although this was an extremely targeted attack that has seemingly been resolved, the discovery serves as a major warning for all mobile device users. As the line between personal and business usage continues to blur, our devices and the sensitive data they hold become more and more vulnerable to attack. And now the fact that the most widely used messaging service in the world can be compromised, despite the end-to-end encryption of WhatsApp’s messages, is a serious cause for concern. Following the breach, Amnesty International expressed concern that hackers were able to “infect your phone without you actually taking action” (referring to the fact that the user did not even need to answer the call for the spyware to infect the device). For organizations and individual mobile users, this highlights the huge risk that exists to the safety of personal and corporate data, as well as the apparent lack of options for defense.
What can we do?
The main takeaway from this incident for mobile users should be recognizing that there is a real need to protect devices from mobile-specific threats. Mobile devices are not protected by security systems such as firewalls, web gateways, and endpoint protection platforms. They are especially vulnerable to threats such as phishing and malware infection. Attacks like the one disclosed today demonstrate that threats are no longer restricted to traditional means, like email and web browsers, but also extend to popular mobile services like social media and messaging apps.
In order to protect their devices, WhatsApp and mobile users should first follow the advice of WhatsApp and upgrade to the latest version of the app. As well as this, users need to ensure that their device is running the latest version of their mobile operating system to take advantage of the latest security patches and updates.
Dedicated security software is also becoming a crucial aspect of mobile threat defense as mobile use continues to grow. For example, Corrata Security and Control provides protection from potential threats by checking every connection between the device and any external servers and blocking anything that seems suspicious. This ensures two things: that malware is prevented from getting onto the device, and that any malicious code that may already be on the device is blocked from sending information back to its server.
To find out more about how Corrata Security and Control can protect your mobile fleet from threats such as this, visit www.corrata.com.